FACTA: Fair and Accurate Credit Transactions Act.     Business Compliance Issues - Special Report

The Fair and Accurate Credit Transactions Act (FACTA) is a consumer rights bill that became effective June 1st, 2005.

It was published in the Federal Register on November 24, 2004 [69 Fed Reg 68690], and is available at www.ftc.gov/os/2004/11/041118disposalfrn.pdf.

In this Special Report "FACTA: Compliance and Liability", we will discuss the aspects of this bill that affect businesses in particular. We will clarify some points and give an overview of some of the main issues that you need to know from a business standpoint.

All companies in the United States are affected by this legislative act.

FACTA was designed to lower the risk of identity theft and consumer fraud. It enforces the proper destruction of consumer information, such as name, address, SSN, credit information. Also included in this bill is the necessity to destroy data compiled from this information.

"Any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, derived from consumer reports for a business purpose" in electronic or paper form must "take reasonable measures to protect against unauthorized access or use of the information in connection with its disposal." - or to "properly dispose of such information or compilation".

FACTA basically requires that all businesses - regardless of size and industry - properly protect and dispose of the personal information they collect about their customers and employees.

The FTC is responding to the fact that identity theft is considered the fastest growing crime in the country, and this agency wants to prevent valuable consumer or employee information from being easily discovered and used for nefarious purposes with criminal intent.

On June 16th the FTC issued the first ruling against a company under FACTA.

The Federal Trade Commission charged that BJ's Wholesale Club did not provide "reasonable security" for sensitive customer information. Allegedly they failed to encrypt credit card numbers that were stored in computers at their stores and the customer information was stored past the date it was required. The files with the customer's numbers and information were protected only by default passwords and were compromised. This resulted in the theft of credit card numbers that were used to run up $13 million in charges.

The FTC is wasting no time in making the point that they plan to enforce this bill. "This case demonstrates our intention to challenge companies that fail to protect adequately consumers sensitive information", said Deborah Platt Majoras, Chairman of the FTC.

Every business can understand from this ruling is that lax security is no longer acceptable when it comes to protecting personal information of employees and customers.

Businesses will now be required to implement effective policies related to all information security, or suffer the consequences.

FACTA Definition of "Consumer Information"